Žádám o kontrolu logu

Snake · Příspěvekod **Snake** » 18 čer 2015 13:25

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:23:21, on 18.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Terezka\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: ICM_UpdaterService Disp (ICM_UpdaterService) - Unknown owner - C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @mqutil.dll,-6203 (MSMQTriggers) - Unknown owner - C:\Windows\system32\mqtgsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

--
End of file - 11990 bytes

Reklama

Příspěvekod **jaro3** » 18 čer 2015 17:09

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Snake · Příspěvekod **Snake** » 19 čer 2015 16:32

# AdwCleaner v4.206 - Log vytvořen 19/06/2015 v 15:24:32
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-17.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Terezka - SNAKE
# Spuštěno z : C:\Users\Terezka\Desktop\adwcleaner_4.206.exe
# Nastavení : Sken

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files (x86)\MediaPlayerV1
Složka Nalezeno : C:\Program Files (x86)\VideoDownloadConverter
Složka Nalezeno : C:\Program Files (x86)\VideoPlayerV3
Složka Nalezeno : C:\ProgramData\FileCure
Složka Nalezeno : C:\ProgramData\Kromtech
Složka Nalezeno : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Složka Nalezeno : C:\Users\Terezka\AppData\Local\genienext
Složka Nalezeno : C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Složka Nalezeno : C:\Users\Terezka\AppData\Roaming\Systweak
Soubor Nalezeno : C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
Soubor Nalezeno : C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Nalezeno : C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.icq.com_0.localstorage
Soubor Nalezeno : C:\Windows\System32\roboot64.exe

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Data Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Klíč Nalezeno : HKCU\Software\distromatic
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Klíč Nalezeno : HKCU\Software\ParetoLogic
Klíč Nalezeno : HKCU\Software\Pokki
Klíč Nalezeno : [x64] HKCU\Software\distromatic
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Klíč Nalezeno : [x64] HKCU\Software\ParetoLogic
Klíč Nalezeno : [x64] HKCU\Software\Pokki
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper
Klíč Nalezeno : HKLM\SOFTWARE\Driver-Soft
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25D62E1A-BD8B-4E6E-B7CC-1E0EE04A4622}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter
Klíč Nalezeno : HKLM\SOFTWARE\ParetoLogic
Klíč Nalezeno : HKLM\SOFTWARE\VideoDownloadConverter
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
[C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://www.amazon.com/websearch/ref=bit ... old&query={searchTerms}
[C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=61DE6C8B-0D36-49A6-B907-91E605EAC10F&n=780bab13&ind=2014030611&p2=^ZK^xdm937^YYA^cz&si=slot55278

*************************

AdwCleaner[R0].txt - [9125 bytů] - [19/06/2015 15:24:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9183 bytů] ##########

Snake · Příspěvekod **Snake** » 19 čer 2015 16:33

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 19.6.2015
Čas skenování: 15:40:10
Protokol: malwarebytes Anti-Malware log.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.19.03
Databáze rootkitů: v2015.06.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Terezka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 465042
Uplynulý čas: 45 min, 53 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 14
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDownloadConverter, , [6728a9137119a492b0d8ff8595717888],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1616D9C1-1EA6-406F-8923-AF901EBBB8F2}, , [4f406d4fddad043213d73a536e972dd3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{165DB715-52B8-4780-8DF9-238FEFC250B4}, , [abe4d8e4fb8fe3533eacc3cadd28c838],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B1EC15E-B12E-4C8E-BBFE-EBCEA84986C1}, , [fd925c607f0bf44246a34449cb3af907],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5216E9FA-8D4D-40A5-A7ED-5FB426D8EA5F}, , [127db804197165d164858805669f8a76],
PUP.Optional.TNT.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, , [5e317c4041497db9f82fa05519eabf41],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C99B01B-B428-4493-81E8-40371BA3E16D}, , [f29d724a5d2dc86e7971b3dabe476b95],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{98CB29B0-3402-4CD8-948D-1493BD65AD3C}, , [810ea51738527abc3eac3d5016ef2ed2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A18FF402-45AB-45F9-B93D-55C9D2E9ABE2}, , [3f509824bad0bf77edfdb0dda26303fd],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1B866AE-F64B-403A-A3FD-864E4EBB1D16}, , [0c8344785c2e8ea8e406cfbedf266b95],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB9E0670-2EE8-42EE-9492-8E84E242EC7E}, , [b3dc4d6f652547ef4aa0dbb251b45aa6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED198CFD-27BE-42A1-8B5B-6746A29FC0F6}, , [c3ccc0fc701a8aacb435afde2bdaf808],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F1C2A82F-47F1-46FA-B574-CEA3EC71ADFD}, , [6728e1dbc1c9ed49fceeeba25da80bf5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5B3059D-EA86-4740-A968-E5C5566EC062}, , [b1de75478efcc47238b2eba2669fc53b],

Hodnoty registru: 13
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1616D9C1-1EA6-406F-8923-AF901EBBB8F2}|AppName, DP1815-enabler.exe-codedownloader.exe, , [4f406d4fddad043213d73a536e972dd3]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{165DB715-52B8-4780-8DF9-238FEFC250B4}|AppName, DP1815-enabler.exe-codedownloader.exe, , [abe4d8e4fb8fe3533eacc3cadd28c838]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B1EC15E-B12E-4C8E-BBFE-EBCEA84986C1}|AppName, DP1815-enabler.exe-buttonutil.exe, , [fd925c607f0bf44246a34449cb3af907]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5216E9FA-8D4D-40A5-A7ED-5FB426D8EA5F}|AppName, DP1815-enabler.exe-buttonutil.exe, , [127db804197165d164858805669f8a76]
PUP.Optional.TNT.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}|AppName, TNT2User.exe, , [5e317c4041497db9f82fa05519eabf41]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C99B01B-B428-4493-81E8-40371BA3E16D}|AppName, DP1815-enabler.exe-codedownloader.exe, , [f29d724a5d2dc86e7971b3dabe476b95]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{98CB29B0-3402-4CD8-948D-1493BD65AD3C}|AppName, DP1815-enabler.exe-codedownloader.exe, , [810ea51738527abc3eac3d5016ef2ed2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A18FF402-45AB-45F9-B93D-55C9D2E9ABE2}|AppName, DP1815-enabler.exe-codedownloader.exe, , [3f509824bad0bf77edfdb0dda26303fd]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1B866AE-F64B-403A-A3FD-864E4EBB1D16}|AppName, DP1815-enabler.exe-codedownloader.exe, , [0c8344785c2e8ea8e406cfbedf266b95]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB9E0670-2EE8-42EE-9492-8E84E242EC7E}|AppName, DP1815-enabler.exe-codedownloader.exe, , [b3dc4d6f652547ef4aa0dbb251b45aa6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED198CFD-27BE-42A1-8B5B-6746A29FC0F6}|AppName, DP1815-enabler.exe-buttonutil.exe, , [c3ccc0fc701a8aacb435afde2bdaf808]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F1C2A82F-47F1-46FA-B574-CEA3EC71ADFD}|AppName, DP1815-enabler.exe-codedownloader.exe, , [6728e1dbc1c9ed49fceeeba25da80bf5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5B3059D-EA86-4740-A968-E5C5566EC062}|AppName, DP1815-enabler.exe-codedownloader.exe, , [b1de75478efcc47238b2eba2669fc53b]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 7
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\ffmpeg.exe, , [c8c7a41869214fe7f890305408fe34cc],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\GalaSoft.MvvmLight.WPF4.dll, , [632c219b6822c5710385e1a3c73f0ef2],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\IAC.Helpers.dll, , [c6c9a319484252e40385c4c0877f2ed2],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\IAC.UnifiedLogging.dll, , [9ef14c703f4b46f03256e89c689e3ec2],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\uninstall.exe, , [6728a9137119a492b0d8ff8595717888],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\VideoDownloadConverter.exe, , [741b4b710981f6402761a0e45fa738c8],
PUP.Optional.RegCleanPro.C, C:\Windows\System32\roboot64.exe, , [d2bd83393753d4628667c7bc0df9d828],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Příspěvekod **jaro3** » 19 čer 2015 17:26

Odinstaluj:
IObit\Advanced SystemCare 8

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Snake · Příspěvekod **Snake** » 22 čer 2015 11:14

# AdwCleaner v4.207 - Log vytvořen 22/06/2015 v 11:08:28
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-06-21.2 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Terezka - SNAKE
# Spuštěno z : C:\Users\Terezka\Downloads\adwcleaner_4.207.exe
# Nastavení : Čištění

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\FileCure
Složka Smazáno : C:\ProgramData\Kromtech
Složka Smazáno : C:\Program Files (x86)\MediaPlayerV1
Složka Smazáno : C:\Program Files (x86)\VideoPlayerV3
Složka Smazáno : C:\Program Files (x86)\VideoDownloadConverter
Složka Smazáno : C:\Users\Terezka\AppData\Local\genienext
Složka Smazáno : C:\Users\Terezka\AppData\Roaming\Systweak
Složka Smazáno : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Složka Smazáno : C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Soubor Smazáno : C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
Soubor Smazáno : C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\Terezka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.icq.com_0.localstorage

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Klíč Smazáno : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25D62E1A-BD8B-4E6E-B7CC-1E0EE04A4622}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AADC8B2-562B-407B-88B3-916140226CBC}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Klíč Smazáno : HKCU\Software\distromatic
Klíč Smazáno : HKCU\Software\ParetoLogic
Klíč Smazáno : HKCU\Software\Pokki
Klíč Smazáno : HKLM\SOFTWARE\Driver-Soft
Klíč Smazáno : HKLM\SOFTWARE\ParetoLogic
Klíč Smazáno : HKLM\SOFTWARE\VideoDownloadConverter
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1
Data Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj

*************************

AdwCleaner[R0].txt - [9393 bytů] - [19/06/2015 15:24:32]
AdwCleaner[R1].txt - [8676 bytů] - [22/06/2015 11:04:38]
AdwCleaner[S0].txt - [8139 bytů] - [22/06/2015 11:08:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8197 bytů] ##########

Snake · Příspěvekod **Snake** » 22 čer 2015 11:31

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.7 (06.21.2015:2)
OS: Windows 7 Home Premium x64
Ran by Terezka on po 22.06.2015 at 11:16:52,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (Terezka)
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Administrator
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Terezka

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0C8F6C48-4115-4C0A-876C-A1AB54411AD2}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\driver genius
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B17D5A97-3C20-4D8E-A607-9DAA37AD6482}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update albrechto

~~~ Files

Successfully deleted: [File] C:\Users\Terezka\appdata\local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\driver-soft
Successfully deleted: [Folder] C:\ProgramData\baidu
Successfully deleted: [Folder] C:\ProgramData\drivergenius
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\users\public\documents\baidu
Successfully deleted: [Folder] C:\Users\Terezka\appdata\local\tempdir
Successfully deleted: [Folder] C:\Users\Terezka\AppData\Roaming\productdata

~~~ Chrome

[C:\Users\Terezka\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Terezka\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Terezka\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Terezka\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gcncagkkhfoombgbihckkccmkjemhohl,
mkfokfffehpeedafpekjeddnmnjhmcmk
]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 22.06.2015 at 11:30:17,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Snake · Příspěvekod **Snake** » 22 čer 2015 12:03

RogueKiller V10.8.5.0 (x64) [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Terezka [Práva správce]
Started from : C:\Users\Terezka\Downloads\RogueKillerX64.exe
Mód : Prohledat -- Datum : 06/22/2015 11:52:43

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B1C4457-1592-464D-A898-F5DB1C99F269} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0B1C4457-1592-464D-A898-F5DB1C99F269} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0B1C4457-1592-464D-A898-F5DB1C99F269} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno

¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] f99be54b81de8598834baee55dd02f80
[BSP] f6be99a16529a7bbd022531c496ff447 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 456106 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 934514688 | Size: 16570 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK

Příspěvekod **Orcus** » 22 čer 2015 12:07

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

====================================================

Co problémy? + nový log z HJT

Snake · Příspěvekod **Snake** » 22 čer 2015 12:08

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 19.6.2015
Čas skenování: 15:40:10
Protokol: malwarebytes Anti-Malware log 2.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.19.03
Databáze rootkitů: v2015.06.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Terezka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 465042
Uplynulý čas: 45 min, 53 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 14
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDownloadConverter, Do karantény, [6728a9137119a492b0d8ff8595717888],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1616D9C1-1EA6-406F-8923-AF901EBBB8F2}, Do karantény, [4f406d4fddad043213d73a536e972dd3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{165DB715-52B8-4780-8DF9-238FEFC250B4}, Do karantény, [abe4d8e4fb8fe3533eacc3cadd28c838],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B1EC15E-B12E-4C8E-BBFE-EBCEA84986C1}, Do karantény, [fd925c607f0bf44246a34449cb3af907],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5216E9FA-8D4D-40A5-A7ED-5FB426D8EA5F}, Do karantény, [127db804197165d164858805669f8a76],
PUP.Optional.TNT.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, Do karantény, [5e317c4041497db9f82fa05519eabf41],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C99B01B-B428-4493-81E8-40371BA3E16D}, Do karantény, [f29d724a5d2dc86e7971b3dabe476b95],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{98CB29B0-3402-4CD8-948D-1493BD65AD3C}, Do karantény, [810ea51738527abc3eac3d5016ef2ed2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A18FF402-45AB-45F9-B93D-55C9D2E9ABE2}, Do karantény, [3f509824bad0bf77edfdb0dda26303fd],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1B866AE-F64B-403A-A3FD-864E4EBB1D16}, Do karantény, [0c8344785c2e8ea8e406cfbedf266b95],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB9E0670-2EE8-42EE-9492-8E84E242EC7E}, Do karantény, [b3dc4d6f652547ef4aa0dbb251b45aa6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED198CFD-27BE-42A1-8B5B-6746A29FC0F6}, Do karantény, [c3ccc0fc701a8aacb435afde2bdaf808],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F1C2A82F-47F1-46FA-B574-CEA3EC71ADFD}, Do karantény, [6728e1dbc1c9ed49fceeeba25da80bf5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5B3059D-EA86-4740-A968-E5C5566EC062}, Do karantény, [b1de75478efcc47238b2eba2669fc53b],

Hodnoty registru: 13
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1616D9C1-1EA6-406F-8923-AF901EBBB8F2}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [4f406d4fddad043213d73a536e972dd3]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{165DB715-52B8-4780-8DF9-238FEFC250B4}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [abe4d8e4fb8fe3533eacc3cadd28c838]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B1EC15E-B12E-4C8E-BBFE-EBCEA84986C1}|AppName, DP1815-enabler.exe-buttonutil.exe, Do karantény, [fd925c607f0bf44246a34449cb3af907]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5216E9FA-8D4D-40A5-A7ED-5FB426D8EA5F}|AppName, DP1815-enabler.exe-buttonutil.exe, Do karantény, [127db804197165d164858805669f8a76]
PUP.Optional.TNT.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}|AppName, TNT2User.exe, Do karantény, [5e317c4041497db9f82fa05519eabf41]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C99B01B-B428-4493-81E8-40371BA3E16D}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [f29d724a5d2dc86e7971b3dabe476b95]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{98CB29B0-3402-4CD8-948D-1493BD65AD3C}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [810ea51738527abc3eac3d5016ef2ed2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A18FF402-45AB-45F9-B93D-55C9D2E9ABE2}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [3f509824bad0bf77edfdb0dda26303fd]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1B866AE-F64B-403A-A3FD-864E4EBB1D16}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [0c8344785c2e8ea8e406cfbedf266b95]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB9E0670-2EE8-42EE-9492-8E84E242EC7E}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [b3dc4d6f652547ef4aa0dbb251b45aa6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED198CFD-27BE-42A1-8B5B-6746A29FC0F6}|AppName, DP1815-enabler.exe-buttonutil.exe, Do karantény, [c3ccc0fc701a8aacb435afde2bdaf808]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F1C2A82F-47F1-46FA-B574-CEA3EC71ADFD}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [6728e1dbc1c9ed49fceeeba25da80bf5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1466218071-280367637-3420301710-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5B3059D-EA86-4740-A968-E5C5566EC062}|AppName, DP1815-enabler.exe-codedownloader.exe, Do karantény, [b1de75478efcc47238b2eba2669fc53b]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 7
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\ffmpeg.exe, Do karantény, [c8c7a41869214fe7f890305408fe34cc],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\GalaSoft.MvvmLight.WPF4.dll, Do karantény, [632c219b6822c5710385e1a3c73f0ef2],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\IAC.Helpers.dll, Do karantény, [c6c9a319484252e40385c4c0877f2ed2],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\IAC.UnifiedLogging.dll, Do karantény, [9ef14c703f4b46f03256e89c689e3ec2],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\uninstall.exe, Do karantény, [6728a9137119a492b0d8ff8595717888],
PUP.Optional.Mindspark.A, C:\Program Files (x86)\VideoDownloadConverter\VideoDownloadConverter.exe, Do karantény, [741b4b710981f6402761a0e45fa738c8],
PUP.Optional.RegCleanPro.C, C:\Windows\System32\roboot64.exe, Do karantény, [d2bd83393753d4628667c7bc0df9d828],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Snake · Příspěvekod **Snake** » 22 čer 2015 12:16

RogueKiller V10.8.5.0 (x64) [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Terezka [Práva správce]
Started from : C:\Users\Terezka\Downloads\RogueKillerX64.exe
Mód : Smazat -- Datum : 06/22/2015 12:11:27

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nahrazeno (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nahrazeno (http://search.msn.com/spbasic.htm)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B1C4457-1592-464D-A898-F5DB1C99F269} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0B1C4457-1592-464D-A898-F5DB1C99F269} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0B1C4457-1592-464D-A898-F5DB1C99F269} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1466218071-280367637-3420301710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] f99be54b81de8598834baee55dd02f80
[BSP] f6be99a16529a7bbd022531c496ff447 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 456106 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 934514688 | Size: 16570 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06222015_115243.log

Snake · Příspěvekod **Snake** » 22 čer 2015 12:25

Zoex.exe mi bohužel ukazuje chybu. Jinak to vypadá že se stav zlepšil. Proč jsem musel dát ASC 8 pryč? Ten program je škodlivý? Ještě vložím nový HJT log.
Teď jsem restartoval pc a vyjel mi tento log.
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Terezka on po 22.06.2015 at 12:17:37,46.
Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 WMI=failure
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Terezka\Downloads\zoek.exe

Scripts are disabled or blocked by a security program, you cannot run zoek.exe
Disable security programs or enable scripting, and try again.

==== Reset WMI ======================

N sledujˇcˇ slu§by z visejˇ na slu§bŘ Slu§ba WMI.
Ukonźenˇ slu§by Slu§ba WMI tak‚ ukonźˇ tyto slu§by.

Centrum zabezpeźenˇ

Zastavov nˇ slu§by Centrum zabezpeźenˇ.
Slu§ba Centrum zabezpeźenˇ byla ŁspŘçnŘ zastavena.

Zastavov nˇ slu§by Slu§ba WMI.
Slu§ba Slu§ba WMI byla ŁspŘçnŘ zastavena.

C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old

==== C:\zoek_backup content ======================

==== After Reboot ======================

==== EOF on po 22.06.2015 at 12:31:44,11 ======================

Žádám o kontrolu logu Vyřešeno

Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Re: Žádám o kontrolu logu

Kdo je online